On 10/06/2005, at 10:54 AM, Martin Hill wrote:

Anyone else struck the problem of trying to enable FTP traffic through the
Firewall in Mac OS X 10.4 Tiger Server?

I've just installed Tiger Server on one of our G5 Xserves (Dual 2 GHz G5, 1GB RAM, 1.2TB HD) and as soon as I turn on the Firewall, FTP clients can't connect and download files, despite ticking the "allow traffic for FTP Service, ports 20-21" check box.

Not sure what OS X does, but considering it uses U/Linux daemons and clients, I would assume you would have to make FTP passive and allocate ports for your FTP, then inform the firewall of these ports. I would normally give these port numbers up in the 50000s, and how many you open depends on how many clients you would expect to be accessing at any one time; there are many considerations to take into account. If it is to face the Internet, there is even more to consider.

I came across this discussion at http://discussions.info.apple.com/:

The internal firewall settings have changed from 10.3 to 10.4.
Here is the problem (from another thread): the firewall (ipfw) is preventing the ftp client from using a <server assigned port>. When an ftp client on Mac OS X connects to a server, the server assigns a local port number, which is in the unprivileged IP range. The firewall on Mac OS X Tiger prevents the ftp client from connecting back to the assigned port range. In other words, communication fails after the initial handshake between the ftp client and ftpd is complete (and this problem only occurs when the ftp client is trying to connect to an ftp server that uses the IP_PORTRANGE feature).
============================================
The rule that was used in the 10.3 firewall was:
ALLOW If protocol is TCP and source port is 20,21 and destination port is 1024-65535 and packet is incoming.
============================================
The client computer will need to add this rule using a program like WEBMIN or BRICKHOUSE, or it will be necessary to turn off the firewall whenever the FTP facility is desired.

Unless there is a way of defeating the Host Portrange feature from the client.
Kori

So it looks like I'm not alone.

I tried manually creating a new Advanced Rule to "ALLOW If protocol is TCP and source port is 20,21 and destination port is 1024-65535" as mentioned above, but haven't had any success yet.

Any suggestions?

-Mart

--------------------------------------
Martin Hill
mailto:[EMAIL PROTECTED]
homepages: http://mart.ozmac.com
Mb: 0417-967-969  hm: (08)9314-5242

-- The WA Macintosh User Group Mailing List --
Archives - <http://www.wamug.org.au/mailinglist/archives.shtml>
Guidelines - <http://www.wamug.org.au/mailinglist/guidelines.shtml>
Unsubscribe - <mailto:[EMAIL PROTECTED]>

WAMUG is powered by Stalker CommuniGatePro

Cheers!

Rob Davies
[EMAIL PROTECTED]
"You can always tell if you're working on a Mac or a PC," he said. "Just take your applications and stick them in and see if they run (Gates 05)." If it does, welcome to Mac OS X! (RJDarts 05).
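To make the two approaches in this thread concrete (a bounded passive port range opened on the server, as Rob suggests, and the 10.3-era client rule quoted from the Apple discussion), here is an added example of an ipfw rule generator for the Mac OS X firewall; it is not code from the thread, from Apple, or from any FTP daemon. The rule-number bases 12300/12400 and the 50000-50100 range are assumptions, and ftpd must be configured to hand out passive ports from the same range.

```shell
#!/bin/sh
# Added example, not from the thread: emit ipfw rules for FTP through the
# Mac OS X firewall. Rule-number bases and the passive range are assumptions;
# ftpd must be configured to hand out passive ports from the same range.

# Server side: control port, a bounded passive data range, active-mode data
# connections leaving from port 20, and the reply traffic for all of them.
ftp_server_rules() {
    lo=$1; hi=$2; base=${3:-12300}
    # Reject a passive range that is not numeric, is privileged, or is inverted.
    for n in "$lo" "$hi"; do
        case "$n" in ''|*[!0-9]*) return 1 ;; esac
    done
    [ "$lo" -ge 1024 ] && [ "$hi" -le 65535 ] && [ "$lo" -le "$hi" ] || return 1
    printf 'add %d allow tcp from any to me 21 in setup\n' "$base"
    printf 'add %d allow tcp from any to me %d-%d in setup\n' "$((base + 10))" "$lo" "$hi"
    printf 'add %d allow tcp from me 20 to any 1024-65535 out setup\n' "$((base + 20))"
    printf 'add %d allow tcp from any to any established\n' "$((base + 30))"
}

# Client side, active mode only: the 10.3-era rule quoted in the thread,
# restricted to SYNs. It still admits any inbound connection whose source
# port is 20, which the remote end chooses, so passive mode is preferable.
ftp_client_active_rule() {
    base=${1:-12400}
    printf 'add %d allow tcp from any 20 to me 1024-65535 in setup\n' "$base"
}

# Example invocation (needs root and ipfw): load the server rules.
apply_ftp_server_rules() {
    ftp_server_rules "$@" | while IFS= read -r rule; do
        # shellcheck disable=SC2086  # word-splitting the rule text is intended
        ipfw $rule
    done
}
```

Run `apply_ftp_server_rules 50000 50100` on the server and check the result with `ipfw list`; the generator refuses a range outside 1024-65535 or with the bounds reversed.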